//===============================================================
//  (Bibi Leung, 5-12-2004)
//  This function is to stop any possible SQL injection 
//  to be injected in the forms.
//===============================================================
function RejectSpecialChar(form) {
	 
	var strMessage = "The form contains invalid characters!" + "\n\n" + "Please check your form, and try again!";
	 
	 //Get all elements in the form
     var elementNum = form.elements.length;     
	  
	  for (var eachElement=0; eachElement<elementNum; eachElement++){	
	  
	    var checkElement = form.elements[eachElement];
	    
	    if ((checkElement.type == "text") || (checkElement.type == "password") || (checkElement.type == "textarea")){
	    
	    //var elementName = form.elements[eachElement].name;
	    var elementValue = form.elements[eachElement].value.toLowerCase();	 
	    
			// Search to find any invalue Chars, then redirect to previous page
			if ((elementValue.indexOf('*') >= 0) ||
				(elementValue.indexOf('--') >= 0) ||
				(elementValue.indexOf('+') >= 0) ||
				(elementValue.indexOf('=') >= 0) ||
				(elementValue.indexOf('|') >= 0)){
				
				alert(strMessage); 
				return false;					
			}  
		}	    
	  }	     
}